5. Purpose and legal grounds for processing personal data

Personal data recorded in the register is processed for the purpose of organising library services. Libraries use the register for the purposes of monitoring circulation, debt collection, statistics, communications, providing online and mobile services as well as self-service library and other library services and user identification.

Legal grounds for processing personal data:

According to article 6, point c, of the EU General Data Protection Regulation, processing is necessary for compliance with a legal obligation to which the controller is subject.

- for sending out customer mail: language selection and preferred mode of communication

- circulation events, information on current loans and reserved items

- unresolved issues (e.g. open payments) and related notifications

Personal data of a person acting as the person responsible for a child under the age of 15 and of a person acting as the contact person of an institution or other community will be recorded in a corresponding manner.

Customers can access some of the data via the library online service at helmet.fi. Customers will need a user ID and a personal PIN code to view their personal data.

7. Regular sharing of the personal data

Each City Library sees to the debt collection on loaned items that have not been returned. Data on registered adults who have not returned loaned items within 60 days from the due date will be handed over to a debt collection agency once a week as a line transfer. The transferred file will include the name, address, phone number and personal ID of the person registered, as well as the due date and title and price information of the unreturned items.

Personal data will be processed by the following suppliers of services that are provided by the library and used by the customer:

- library management system software provider

- library management system’s hosting service provider

- self check-out and return machines’ providers

- self-service library systems’ providers

- online service providers

- mobile service providers

- online payment service provider

- e-material providers

- providers of devices and equipment intended for customer use

Anonymised data will be used for:

- recommendation services

- statistical and research purposes

Contracts have been signed for the aforementioned services with the service providers.

Some of the service providers also operate outside the EU or EEA.

8. Data retention time

Personal details submitted in advance by the customer in the library’s customer register via the library online service will be removed if the customer has not picked up their library card in three months.

Personal details that have not been used by the customer for three years and that do not involve unresolved issues (e.g. open payments) will be removed from the customer register. Data is removed from the register once a year.

9. Information sources for personal data

Personal data is acquired from the customer. The customer can update some of their personal data themself in the library’s customer register via the library online services at helmet.fi. Updating the data requires that the customer has a user ID and PIN code.

(Address) Details provided by the customer can be verified and updated through the Finnish Population Information System.

10. Informing the people registered

The library card provided to the customer includes information on the website that features links to the description of the personal data file, user regulations and contact information of the City Libraries.

Description of the personal data file and user regulations can be requested from any library in Espoo, Helsinki, Kauniainen or Vantaa.